University of Makati

College of Computer Science

ELEC3
DIGITAL FORENSICS

Laboratory

2
Activity

Disk Encryption Checking

Submitted by:

NO. NAME eSIGNATURE

Leader Mariano, Carl Jacob
MEMBERS
1 Jarabata, Maria Angelita
2 Redoloso, James Lloyd
3 Valentin, Vince
4

Submitted to:

ENGR. EDGARDO TAN CRUZ

1
I. OBJECTIVES:

At the end of this exercise, students should be able to:

1. Understand the concepts of Disk Encryption; and
2. Apply the Forensic Tool using Encrypted Disk Detector.

II. SCENARIO:
Your group was instructed to go to a crime scene and found a live machine that is running a
windows OS. After that, you were asked to do the following task below and need to provide
documentation. (You will use your PC/laptop as a live machine and kindly rename one of
your drives to your leader’s surname)

TASKS:
• Determine any encrypted drive on the system.

FORENSICS TOOLS:
• EDD by Magnet Forensics

III. ENGAGE: Provide a step-by-step procedure on how to use the EDD. (Provide screenshot).

2
IV. QUESTIONS:
1. Does EDD search all files on the drive? Explain.
EDD may examine all files on the disk and display the inside of the drive's results.
2. Does EDD changes to drives or files on the live system?
The EDD result is the same and hasn't changed when I examine the device's local disk.

V. CONCLUSION: (Individual)

Before doing these, we encounter a light problem where the anti-virus blocking the
application which turns out to us to troubleshoot the problem. By doing the activity we actually
trying to figuring out on how to use this application. When we search all the files on the drive the
result came out, there are three drive these three drives is fixed type, the filesystem is NFTS and
each drives has different size of storage and also the free space is difference GB.